winmde.dll

Description: WinMDE DLL

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.3636

Architecture: 64-bit

Operating System: Windows NT

SHA256: b9f6d8faa4713195239195486c900641

File Size: 1.7 MB

Uploaded At: Dec. 1, 2025, 7:44 a.m.

Views: 4

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0x28500)
  • DllGetClassObject (Ordinal: 2, Address: 0x28540)
  • DllRegisterServer (Ordinal: 3, Address: 0xb830)
  • DllUnregisterServer (Ordinal: 4, Address: 0xb830)
  • MFCreateNetVRoot (Ordinal: 5, Address: 0x2de50)
  • MFCreateWMPMDEOpCenter (Ordinal: 6, Address: 0xf420)
  • MFCreateWinMDEOpCenter (Ordinal: 7, Address: 0x285f0)

Imported DLLs & Functions

api-ms-win-core-apiquery-l1-1-0.dll
  • ApiSetQueryApiSetPresence (Address: 0x180165798)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x1801657b8)
  • IsDebuggerPresent (Address: 0x1801657b0)
  • OutputDebugStringA (Address: 0x1801657c0)
  • OutputDebugStringW (Address: 0x1801657a8)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x1801657d0)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x1801657e0)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x1801657f0)
  • RaiseException (Address: 0x180165800)
  • SetLastError (Address: 0x1801657f8)
  • SetUnhandledExceptionFilter (Address: 0x180165808)
  • UnhandledExceptionFilter (Address: 0x180165810)
api-ms-win-core-file-l1-1-0.dll
  • CreateFileW (Address: 0x180165820)
  • GetFileAttributesExW (Address: 0x180165838)
  • GetFileSize (Address: 0x180165828)
  • WriteFile (Address: 0x180165830)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x180165848)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x180165858)
  • HeapAlloc (Address: 0x180165860)
  • HeapFree (Address: 0x180165868)
api-ms-win-core-heap-l2-1-0.dll
  • GlobalFree (Address: 0x180165880)
  • LocalFree (Address: 0x180165878)
api-ms-win-core-heap-obsolete-l1-1-0.dll
  • GlobalLock (Address: 0x180165890)
  • GlobalUnlock (Address: 0x180165898)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x1801658c8)
  • FindResourceExW (Address: 0x1801658f8)
  • FreeLibrary (Address: 0x1801658e8)
  • GetModuleFileNameA (Address: 0x1801658b8)
  • GetModuleFileNameW (Address: 0x1801658e0)
  • GetModuleHandleExW (Address: 0x1801658c0)
  • GetModuleHandleW (Address: 0x1801658a8)
  • GetProcAddress (Address: 0x1801658d8)
  • LoadLibraryExW (Address: 0x1801658b0)
  • LoadResource (Address: 0x1801658f0)
  • SizeofResource (Address: 0x1801658d0)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x180165908)
api-ms-win-core-memory-l1-1-0.dll
  • CreateFileMappingW (Address: 0x180165930)
  • MapViewOfFileEx (Address: 0x180165938)
  • OpenFileMappingW (Address: 0x180165918)
  • UnmapViewOfFile (Address: 0x180165928)
  • VirtualQueryEx (Address: 0x180165920)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateThread (Address: 0x180165980)
  • GetCurrentProcess (Address: 0x180165978)
  • GetCurrentProcessId (Address: 0x180165968)
  • GetCurrentThreadId (Address: 0x180165948)
  • GetProcessTimes (Address: 0x180165950)
  • TerminateProcess (Address: 0x180165970)
  • TlsGetValue (Address: 0x180165958)
  • TlsSetValue (Address: 0x180165960)
api-ms-win-core-processthreads-l1-1-1.dll
  • OpenProcess (Address: 0x180165990)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x1801659a0)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x1801659e0)
  • RegCreateKeyExW (Address: 0x1801659f8)
  • RegDeleteValueW (Address: 0x1801659d8)
  • RegEnumKeyExW (Address: 0x1801659b0)
  • RegEnumValueW (Address: 0x1801659e8)
  • RegGetValueW (Address: 0x1801659d0)
  • RegNotifyChangeKeyValue (Address: 0x1801659b8)
  • RegOpenKeyExW (Address: 0x1801659f0)
  • RegQueryInfoKeyW (Address: 0x1801659c0)
  • RegSetValueExW (Address: 0x1801659c8)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x180165a10)
  • RtlLookupFunctionEntry (Address: 0x180165a18)
  • RtlVirtualUnwind (Address: 0x180165a08)
api-ms-win-core-string-l1-1-0.dll
  • CompareStringOrdinal (Address: 0x180165a30)
  • MultiByteToWideChar (Address: 0x180165a38)
  • WideCharToMultiByte (Address: 0x180165a28)
api-ms-win-core-string-l2-1-0.dll
  • CharNextW (Address: 0x180165a48)
api-ms-win-core-string-obsolete-l1-1-0.dll
  • lstrcmpiW (Address: 0x180165a58)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x180165aa8)
  • AcquireSRWLockShared (Address: 0x180165b08)
  • CreateEventA (Address: 0x180165ac0)
  • CreateEventExW (Address: 0x180165ad0)
  • CreateEventW (Address: 0x180165b10)
  • CreateSemaphoreExW (Address: 0x180165ae8)
  • CreateWaitableTimerExW (Address: 0x180165a68)
  • DeleteCriticalSection (Address: 0x180165a80)
  • EnterCriticalSection (Address: 0x180165a78)
  • InitializeCriticalSection (Address: 0x180165a88)
  • InitializeSRWLock (Address: 0x180165ae0)
  • LeaveCriticalSection (Address: 0x180165a90)
  • OpenEventW (Address: 0x180165ac8)
  • OpenSemaphoreW (Address: 0x180165ad8)
  • ReleaseSemaphore (Address: 0x180165b00)
  • ReleaseSRWLockExclusive (Address: 0x180165a70)
  • ReleaseSRWLockShared (Address: 0x180165a98)
  • ResetEvent (Address: 0x180165af0)
  • SetEvent (Address: 0x180165aa0)
  • SetWaitableTimer (Address: 0x180165af8)
  • WaitForMultipleObjectsEx (Address: 0x180165ab0)
  • WaitForSingleObject (Address: 0x180165ab8)
api-ms-win-core-synch-l1-2-0.dll
  • InitOnceExecuteOnce (Address: 0x180165b30)
  • Sleep (Address: 0x180165b38)
  • SleepConditionVariableSRW (Address: 0x180165b20)
  • WakeAllConditionVariable (Address: 0x180165b28)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemInfo (Address: 0x180165b58)
  • GetSystemTime (Address: 0x180165b48)
  • GetSystemTimeAsFileTime (Address: 0x180165b50)
  • GetTickCount (Address: 0x180165b60)
  • GetTickCount64 (Address: 0x180165b68)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpoolWait (Address: 0x180165b78)
  • CreateThreadpoolWait (Address: 0x180165b90)
  • SetThreadpoolWait (Address: 0x180165b80)
  • WaitForThreadpoolWaitCallbacks (Address: 0x180165b88)
api-ms-win-core-timezone-l1-1-0.dll
  • FileTimeToSystemTime (Address: 0x180165ba8)
  • SystemTimeToFileTime (Address: 0x180165ba0)
api-ms-win-core-toolhelp-l1-1-0.dll
  • CreateToolhelp32Snapshot (Address: 0x180165bc8)
  • Process32FirstW (Address: 0x180165bb8)
  • Process32NextW (Address: 0x180165bc0)
api-ms-win-core-util-l1-1-0.dll
  • DecodePointer (Address: 0x180165bd8)
  • EncodePointer (Address: 0x180165be0)
api-ms-win-core-version-l1-1-0.dll
  • VerQueryValueW (Address: 0x180165bf0)
api-ms-win-core-version-l1-1-1.dll
  • GetFileVersionInfoW (Address: 0x180165c00)
api-ms-win-core-winrt-error-l1-1-0.dll
  • RoOriginateError (Address: 0x180165c10)
api-ms-win-eventing-classicprovider-l1-1-0.dll
  • GetTraceEnableFlags (Address: 0x180165c48)
  • GetTraceEnableLevel (Address: 0x180165c20)
  • GetTraceLoggerHandle (Address: 0x180165c40)
  • RegisterTraceGuidsW (Address: 0x180165c38)
  • TraceMessage (Address: 0x180165c28)
  • UnregisterTraceGuids (Address: 0x180165c30)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventEnabled (Address: 0x180165c68)
  • EventRegister (Address: 0x180165c60)
  • EventSetInformation (Address: 0x180165c58)
  • EventUnregister (Address: 0x180165c70)
  • EventWriteTransfer (Address: 0x180165c78)
d3d11.dll
  • D3D11CreateDevice (Address: 0x180165c88)
msvcrt.dll
  • __C_specific_handler (Address: 0x180165da8)
  • __CxxFrameHandler3 (Address: 0x180165d10)
  • __dllonexit (Address: 0x180165de8)
  • _amsg_exit (Address: 0x180165d00)
  • _callnewh (Address: 0x180165ca0)
  • _errno (Address: 0x180165d88)
  • _gcvt_s (Address: 0x180165dd0)
  • _i64toa_s (Address: 0x180165cf8)
  • _i64tow_s (Address: 0x180165ce0)
  • _initterm (Address: 0x180165d20)
  • _lock (Address: 0x180165d90)
  • _ltoa_s (Address: 0x180165cf0)
  • _ltow_s (Address: 0x180165db8)
  • _onexit (Address: 0x180165cc8)
  • _purecall (Address: 0x180165e20)
  • _ui64toa_s (Address: 0x180165d28)
  • _ui64tow_s (Address: 0x180165cd0)
  • _ultoa_s (Address: 0x180165d30)
  • _ultow_s (Address: 0x180165d68)
  • _unlock (Address: 0x180165d98)
  • _vsnprintf (Address: 0x180165ce8)
  • _vsnwprintf (Address: 0x180165d78)
  • _wcsicmp (Address: 0x180165db0)
  • _wcsnicmp (Address: 0x180165dd8)
  • _wtol (Address: 0x180165d38)
  • _XcptFilter (Address: 0x180165c98)
  • bsearch (Address: 0x180165d80)
  • free (Address: 0x180165e30)
  • isalpha (Address: 0x180165d58)
  • isdigit (Address: 0x180165d60)
  • islower (Address: 0x180165dc8)
  • iswalpha (Address: 0x180165d48)
  • iswdigit (Address: 0x180165d50)
  • iswxdigit (Address: 0x180165cb8)
  • malloc (Address: 0x180165e38)
  • memchr (Address: 0x180165e00)
  • memcmp (Address: 0x180165df8)
  • memcpy (Address: 0x180165da0)
  • memcpy_s (Address: 0x180165e28)
  • memmove (Address: 0x180165cc0)
  • memset (Address: 0x180165d18)
  • qsort (Address: 0x180165e18)
  • rand (Address: 0x180165ca8)
  • realloc (Address: 0x180165d08)
  • strncmp (Address: 0x180165e10)
  • strncpy_s (Address: 0x180165e08)
  • strnlen (Address: 0x180165df0)
  • toupper (Address: 0x180165dc0)
  • towlower (Address: 0x180165cb0)
  • towupper (Address: 0x180165d40)
  • wcschr (Address: 0x180165d70)
  • wcscmp (Address: 0x180165e48)
  • wcsncmp (Address: 0x180165de0)
  • wcsncpy_s (Address: 0x180165e40)
  • wcsstr (Address: 0x180165cd8)
ntdll.dll
  • NtClose (Address: 0x180165e70)
  • NtCreateFile (Address: 0x180165e78)
  • NtDeviceIoControlFile (Address: 0x180165e60)
  • NtQuerySystemInformation (Address: 0x180165e68)
  • RtlInitUnicodeString (Address: 0x180165e58)
RTWorkQ.DLL
  • RtwqCancelDeadline (Address: 0x180165758)
  • RtwqCreateAsyncResult (Address: 0x180165768)
  • RtwqInvokeCallback (Address: 0x180165770)
  • RtwqSetLongRunning (Address: 0x180165760)
SspiCli.dll
  • EncryptMessage (Address: 0x180165788)
  • QueryContextAttributesW (Address: 0x180165780)